Patriot Act

Bank of England CIO Peter Finch issued a misinformed warning in a recent article, telling companies that if your cloud provider is an “American company, it is likely that your data and processing is now subject to the American Patriot Act. And, if it is integrated to your infrastructure, it is likely that all your services are subject to the Patriot Act.” Such advice not only misinterprets and misrepresents US law, it misleadingly implies that US cloud providers are somehow both unable and unwilling to protect the data entrusted with them by their customers from US law enforcement agencies.

Since the news broke about the so-called PRISM surveillance and data collection program run by the NSA, we’ve received a lot of questions regarding whether Internet companies can be forced by the government to access and disclose data that is stored by customers in the cloud or in dedicated environments.